3179981c14
- fix CVE-2013-4351 (bnc#840510) (forwarded request 199274 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/199283 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=71
61 lines
2.4 KiB
Diff
61 lines
2.4 KiB
Diff
commit 8f8f3984e82a025cf1384132a419f67f39c7e07d
|
|
Author: Werner Koch <wk <at> gnupg.org>
|
|
Date: Fri Mar 15 15:46:03 2013 +0100
|
|
|
|
gpg: Distinguish between missing and cleared key flags.
|
|
|
|
* include/cipher.h (PUBKEY_USAGE_NONE): New.
|
|
* g10/getkey.c (parse_key_usage): Set new flag.
|
|
--
|
|
|
|
We do not want to use the default capabilities (derived from the
|
|
algorithm) if any key flags are given in a signature. Thus if key
|
|
flags are used in any way, the default key capabilities are never
|
|
used.
|
|
|
|
This allows to create a key with key flags set to all zero so it can't
|
|
be used. This better reflects common sense.
|
|
|
|
Modified g10/getkey.c
|
|
Index: gnupg-2.0.9/g10/getkey.c
|
|
===================================================================
|
|
--- gnupg-2.0.9.orig/g10/getkey.c 2013-09-16 16:51:02.752624501 +0200
|
|
+++ gnupg-2.0.9/g10/getkey.c 2013-09-16 16:54:20.955952692 +0200
|
|
@@ -1457,13 +1457,19 @@ parse_key_usage(PKT_signature *sig)
|
|
|
|
if(flags)
|
|
key_usage |= PUBKEY_USAGE_UNKNOWN;
|
|
+
|
|
+ if (!key_usage)
|
|
+ key_usage |= PUBKEY_USAGE_NONE;
|
|
}
|
|
+ else if (p) /* Key flags of length zero. */
|
|
+ key_usage |= PUBKEY_USAGE_NONE;
|
|
|
|
/* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
|
|
capability that we do not handle. This serves to distinguish
|
|
between a zero key usage which we handle as the default
|
|
capabilities for that algorithm, and a usage that we do not
|
|
- handle. */
|
|
+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that
|
|
+ key_flags have been given but they do not specify any usage. */
|
|
|
|
return key_usage;
|
|
}
|
|
Index: gnupg-2.0.9/include/cipher.h
|
|
===================================================================
|
|
--- gnupg-2.0.9.orig/include/cipher.h 2013-09-16 16:51:02.752624501 +0200
|
|
+++ gnupg-2.0.9/include/cipher.h 2013-09-16 16:56:27.028429026 +0200
|
|
@@ -62,6 +62,11 @@
|
|
#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */
|
|
#define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */
|
|
#define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */
|
|
+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
|
|
+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
|
|
+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
|
|
+# error Please choose another value for PUBKEY_USAGE_NONE
|
|
+#endif
|
|
|
|
#define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5
|
|
#define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1
|